CVE-2025-38481 comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large

In the Linux kernel, the following vulnerability has been resolved: comedi: Fail COMEDIINSNLIST ioctl if ninsns is too large The handling of the COMEDIINSNLIST ioctl allocates a kernel buffer to hold the array of struct comediinsn, getting the length from the ninsns member of the struct...

CVE-2025-38348

The CVE-2025-38348 issue is in the Linux kernel wifi driver for the Intersil p54 interface. A malicious USB device could cause a buffer over-read in p54_rx_eeprom_readback() by tampering v1/v2 eeprom length fields, potentially crashing the host. A patch was applied to store the eeprom size in the...

CVE-2022-50185

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix potential buffer overflow in nisetmcspecialregisters The last case label can write two buffers 'mcregaddressj' and 'mcdataj' with 'j' offset equal to SMCNISLANDSMCREGISTERARRAYSIZE since there are no checks for th...

CVE-2023-28576

The buffer obtained from kernel APIs such as cammemgetcpubuf may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header e.g. header.count, causing checks e.g. size checks in kernel code to be invalid. This may lead to...

CVE-2019-15880

In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, insufficient checking in the cryptodev module allocated the size of a kernel buffer based on a user-supplied length allowing an unprivileged process to trigger a kernel panic...

CVE-2024-52880

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver,...

CVE-2024-52879

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver,...

CVE-2024-52877

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver,...

CVE-2025-37803 udmabuf: fix a buf size overflow issue during udmabuf creation

In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix a buf size overflow issue during udmabuf creation by casting sizelimitmb to u64 when calculate pglimit...

Linux Distros Unpatched Vulnerability : CVE-2024-53106

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ima: fix buffer overrun in imaeventdigestinitcommon Function imaeventdigestinit calls...

Linux Distros Unpatched Vulnerability : CVE-2021-47645

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: staging: media: zoran: calculate the right buffer number for zoranreapstatcom On the case tmpdcim=1, the index of buffer is miscalculated. This generate ...

CVE-2024-54456

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix potential buffer overflowin nfssysfslinkrpcclient name is char64 where the size of clnt-clprogram-name remains unknown. Invoking strcat directly will also lead to potential buffer overflow. Change them to strscpy and...

CVE-2024-57998 OPP: add index check to assert to avoid buffer overflow in _read_freq()

In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in readfreq Pass the freq index to the assert function to make sure we do not read a freq out of the opp-rates table when called from the indexed variants:...

CVE-2022-49401

In the Linux kernel, the following vulnerability has been resolved: mm/pageowner: use strscpy instead of strlcpy current-comm is not a string no guarantee for a zero byte in it. strlcpys1, s2, l is calling strlens2, potentially causing out-of-bound access, as reported by syzbot: detected buffer...

CVE-2022-49247 media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED

In the Linux kernel, the following vulnerability has been resolved: media: stk1160: If start stream fails, return buffers with VB2BUFSTATEQUEUED If the callback 'startstreaming' fails, then all queued buffers in the driver should be returned with state 'VB2BUFSTATEQUEUED'. Currently, they are...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to ensure that strings are terminated with a null character during copying of user-space data to a...

CVE-2021-47227 x86/fpu: Prevent state corruption in __fpu__restore_sig()

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Prevent state corruption in fpurestoresig The non-compacted slowpath uses copyfromuser and copies the entire user buffer into the kernel buffer, verbatim. This means that the kernel buffer may now contain entirely invali...

CVE-2023-43525

Memory corruption while copying the sound model data from user to kernel buffer during sound model register...

CVE-2023-43525 Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio

Memory corruption while copying the sound model data from user to kernel buffer during sound model register...

CVE-2023-43525

CVE-2023-43525 describes a memory corruption vulnerability in Qualcomm audio components related to copying sound model data from user space to a kernel buffer during sound model registration. The issue affects Qualcomm audio-related components listed in the Android Pixel bulletin (CVE-2023-43525 ...